Process Hacker and Windows discussion

 
gh05t
Member
Posts: 5
Joined: 31 Aug 2015 13:24
OS: Windows 7 64bit

Avast blocking KProcessHacker driver

31 Aug 2015 13:32

Hi.
Some time ago (about 2 weeks) ProcessHacker stopped loading the KProcessHacker.sys driver.
I use ProcessHacker 2.36 (r61530. Tried on Windows 7 SP1 (x86 and x64) and Windows 10 x64. The driver does not load on any of these systems.
I also tried to start it from "Create service..." and got an error too.

Please, check it.
 
dmex
Admin
Posts: 1555
Joined: 17 Jan 2011 05:43
Location: Australia

Re: Driver KProcessHacker does not loaded.

01 Sep 2015 02:17

You need to select the Hacker menu > Show details for all processes.

The + symbol in the window title indicates if KPH has been loaded and connected :thumbup:
 
gh05t
Member
Posts: 5
Joined: 31 Aug 2015 13:24
OS: Windows 7 64bit

Re: Driver KProcessHacker does not loaded.

01 Sep 2015 13:06

Thank you for the reply.

I'm sorry, but I can't find "Show details for all processes" in the Hacker menu:
hacker.jpg
Also, on Win 7 x86, when I selected the menu Tools > Hidden processes, I got an error:
hidden_process.jpg
Before, I saw KProcessHacker in the Services list; now it is not there.
 
viksoftru
Member
Posts: 617
Joined: 15 Aug 2011 06:01
OS: Win7 (Live! DVD), BSD
Location: Russia

Re: Driver KProcessHacker does not loaded.

09 Sep 2015 01:32

To install the driver you need administrator rights and knowledge, or use the installer. The version without installation (zip) does not install the driver.
 
TETYYS
Contributor
Posts: 515
Joined: 23 Apr 2013 10:37
OS: Win 10 x64

Re: Driver KProcessHacker does not loaded.

09 Sep 2015 12:02

> The version without installation (zip) does not install the driver.
It does.
 
gh05t
Member
Posts: 5
Joined: 31 Aug 2015 13:24
OS: Windows 7 64bit

Re: Driver KProcessHacker does not loaded.

12 Sep 2015 12:32

> To install the driver you need administrator rights and knowledge, or use the installer. The version without installation (zip) does not install the driver.
I know about it and it has administrator rights.
The strangest thing is that it worked fine (loaded the driver) all the time until the middle of August and then stopped loading the driver on all systems (Win 7 32/64 and Win 10 x64). The ProcessHacker version stayed the same and the systems were the same.
I think maybe Microsoft made some updates which block the KProcessHacker driver. Could the developer check it?
 
dmex
Admin
Posts: 1555
Joined: 17 Jan 2011 05:43
Location: Australia

Re: Driver KProcessHacker does not loaded.

26 Feb 2016 14:39

> I think maybe Microsoft made some updates which block the KProcessHacker driver. Could the developer check it?
We haven't found issues that could have been caused by any Microsoft updates. Do you still have this problem?
 
gh05t
Member
Posts: 5
Joined: 31 Aug 2015 13:24
OS: Windows 7 64bit

Re: Driver KProcessHacker does not loaded.

02 Mar 2016 16:23

> > I think maybe Microsoft made some updates which block the KProcessHacker driver. Could the developer check it?
> We haven't found issues that could have been caused by any Microsoft updates. Do you still have this problem?
Yes, I still do not see kprocesshacker in the Services list and cannot start it manually.

My system: Win 7 SP1 x86. UAC is switched off. I run ProcessHacker "as Administrator".
2016-03-02_172708.jpg
 
dmex
Admin
Posts: 1555
Joined: 17 Jan 2011 05:43
Location: Australia

Re: Driver KProcessHacker does not loaded.

02 Mar 2016 19:02

I noticed in your screenshot that you have Avast running. I performed some tests and discovered that Avast is silently blocking our driver.

I have contacted Avast about this and I'll update the thread if there's any new information.
 
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows
Location: Australia

Re: Driver KProcessHacker does not loaded.

03 Mar 2016 03:17

Microsoft is not likely to do such a thing.

You should switch to x64 ASAP and uninstall Avast (or any other security software you have). 32-bit is very outdated.
 
gh05t
Member
Posts: 5
Joined: 31 Aug 2015 13:24
OS: Windows 7 64bit

Re: Driver KProcessHacker does not loaded.

03 Mar 2016 15:59

> Microsoft is not likely to do such a thing.
>
> You should switch to x64 ASAP and uninstall Avast (or any other security software you have). 32-bit is very outdated.
On my other system (Win 10 Pro, x64) the situation is the same. I think the problem is in Avast; if it blocks the driver, it does it silently (no warning about a virus or other security reasons). I'll try uninstalling Avast to check it, because switching off protection does not help.
 
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows
Location: Australia

Re: Driver KProcessHacker does not loaded.

16 Mar 2016 15:50

The next version of KPH will implement image verification, and will not be blocked by Avast.
 
dmex
Admin
Posts: 1555
Joined: 17 Jan 2011 05:43
Location: Australia

Re: Driver KProcessHacker does not loaded.

16 Mar 2016 16:34

> I have contacted Avast about this and I'll update the thread if there's any new information.
We have been discussing this with Avast over the last few weeks... Avast has agreed to notify users when our driver has been blocked but will not be unblocking our driver.
Last edited by dmex on 11 Dec 2016 05:02, edited 1 time in total.
 
alex

avast detect

12 Apr 2016 21:43

When I run Process Hacker, Avast says to me "Blocked by Avast self-defense: kprocesshacker.sys (path to \ProcessHacker.exe)".
 
wj32
Founder
Posts: 948
Joined: 17 Jan 2011 05:19
OS: Windows
Location: Australia

Re: avast detect

13 Apr 2016 00:20

Are you using the latest version of PH?
 
MagoPeppe

Re: avast detect

15 Apr 2016 10:30

Hi. I've the same issue here: I'm running PH 2.39.124 and latest Avast (11.2.2261 but it returned the same pop-up even with 11.2.2260 if I remember correctly).
With Windows XP 32bit (on my old notebook) everything is fine but when I try PH on Windows 10 both on my notebook and desktop, here we go with Avast pop-up.
Thanks!
 
jrivett

Re: avast detect

20 Apr 2016 17:42

Same here. Just updated Avast to latest version and now when I run Process Hacker 2.39.124, Avast pops up this message:
"Blocked by Avast self-defence. kprocesshacker.sys (C:\Program Files\Process Hacker 2\ProcessHacker.exe)"
I've added kprocesshacker.sys and ProcessHacker.exe to the global excludes, and to the File System Shield excludes, but it didn't help.
Process Hacker still works, but with limited functionality.
Windows 8.1 64 bit.
 
shackles
Member
Posts: 17
Joined: 03 Jan 2016 22:44
OS: windows

Re: avast detect

30 Apr 2016 21:45

Same here, I can't use PH on my laptop that has Avast... Well, I can use it, but without the driver.
 
Microwave89
Member
Posts: 9
Joined: 11 Jul 2015 15:47
OS: Windows 10 10586 x64

Re: avast detect

30 Apr 2016 22:28

When I had installed avast on my machine (in order to attempt to bypass its HIPS) it also used to block kprocesshacker for self defense reasons. In avast 2015 it created named devices named the same as kprocesshacker's devices.
Since avast was SERVICE_BOOT_START but kprocesshacker.sys only SERVICE_SYSTEM_START, kprocesshacker.sys could not create its device, because it was already there, created by avast.
Funny idea.. But do these guys think kprocesshacker is the only thing which could be "dangerous" to avast?

Kind regards,
Microwave89
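
The load-order collision described in the post above, as an added example (a simplified model, not code from the post, Process Hacker or Avast). The driver name `av_selfdefense.sys` and both device names are placeholders; the start-type and NTSTATUS constants are the real Windows values.

```python
from dataclasses import dataclass

SERVICE_BOOT_START = 0                     # loaded by the boot loader
SERVICE_SYSTEM_START = 1                   # loaded later, during kernel init
STATUS_SUCCESS = 0x00000000
STATUS_OBJECT_NAME_COLLISION = 0xC0000035  # name already exists in the namespace

KPH_DEVICE = r"\Device\ExampleKphDevice"   # placeholder, real name not on the page
AV_DEVICE = r"\Device\ExampleAvDevice"     # placeholder

@dataclass(frozen=True)
class Driver:
    name: str
    start_type: int
    devices: tuple   # named device objects the driver creates at entry

def simulate_boot(drivers):
    """Load drivers in start-type order; return ({driver: status}, collisions)."""
    owner, loaded, collisions = {}, {}, []
    for drv in sorted(drivers, key=lambda d: d.start_type):
        created, status = [], STATUS_SUCCESS
        for dev in drv.devices:
            key = dev.lower()              # object names are case-insensitive
            if key in owner:
                status = STATUS_OBJECT_NAME_COLLISION
                collisions.append((drv.name, dev, owner[key]))
                break
            owner[key] = drv.name
            created.append(key)
        if status != STATUS_SUCCESS:       # a failed driver entry unloads the
            for key in created:            # driver, so its devices go away
                del owner[key]
        loaded[drv.name] = status
    return loaded, collisions

# Constructed sample: the boot-start driver also claims the other driver's name.
DRIVERS = [
    Driver("kprocesshacker.sys", SERVICE_SYSTEM_START, (KPH_DEVICE,)),
    Driver("av_selfdefense.sys", SERVICE_BOOT_START, (AV_DEVICE, KPH_DEVICE)),
]

if __name__ == "__main__":
    loaded, collisions = simulate_boot(DRIVERS)
    for name, status in loaded.items():
        print(f"{name}: 0x{status:08X}")
    for loser, dev, holder in collisions:
        print(f"{loser} could not create {dev}: already created by {holder}")
```

When diagnosing a driver that silently fails to load, the useful output is the collision tuple: which device name was taken and which earlier-starting driver holds it.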
 
shackles
Member
Posts: 17
Joined: 03 Jan 2016 22:44
OS: windows

Re: avast detect

02 May 2016 16:42

I think it's quite stupid of them, to be honest. They have bigger fish to catch than not letting a signed driver be installed...